CVE-2020-24568: SQL Injection
First published: Fri Oct 02 2020(Updated: )
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mbconnectline Mbconnect24 | <=2.6.1 | |
| Mbconnectline Mymbconnect24 | <=2.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-24568.
What is the title of this vulnerability?
The title of this vulnerability is 'An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1.'
What is the severity rating of CVE-2020-24568?
The severity rating of CVE-2020-24568 is medium with a CVSS score of 6.5.
What is the affected software for CVE-2020-24568?
The affected software for CVE-2020-24568 is MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 versions up to and including 2.6.1.
Is there a fix available for CVE-2020-24568?
It is recommended to update the affected software to the latest version to fix CVE-2020-24568. Please refer to the vendor's security advice link for more information.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/event
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/mbconnectline
- canonical/mbconnectline mbconnect24
- version/mbconnectline mbconnect24/2.6.1
- canonical/mbconnectline mymbconnect24
- version/mbconnectline mymbconnect24/2.6.1